|
248631
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-7490
|
2024-11-21 12:32 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248632
|
6.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
|
CWE-269
Improper Privilege Management
|
CVE-2017-7489
|
2024-11-21 12:32 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248633
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have u…
|
CWE-416
Use After Free
|
CVE-2017-7487
|
2024-11-21 12:32 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248634
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-7888
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248635
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7887
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248636
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
|
CWE-89
SQL Injection
|
CVE-2017-7886
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248637
|
7.8 |
HIGH
Local
|
swftools
|
swftools
|
A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf…
|
CWE-416
Use After Free
|
CVE-2017-7698
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248638
|
7.1 |
HIGH
Network
|
advantech
|
webaccess
|
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse th…
|
CWE-22
Path Traversal
|
CVE-2017-7929
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248639
|
7.3 |
HIGH
Network
|
dahuasecurity
|
dh-ipc-hdbw23a0rn-zs_firmware
dh-ipc-hdbw13a0sn_firmware
dh-ipc-hdw1xxx_firmware
dh-ipc-hdw2xxx_firmware
dh-ipc-hdw4xxx_firmware
dh-ipc-hfw1xxx_firmware
dh-ipc-hfw2xxx_firmware
d…
|
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-7927
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248640
|
9.8 |
CRITICAL
Network
|
dahuasecurity
|
dh-ipc-hdbw23a0rn-zs_firmware
dh-ipc-hdbw13a0sn_firmware
dh-ipc-hdw1xxx_firmware
dh-ipc-hdw2xxx_firmware
dh-ipc-hdw4xxx_firmware
dh-ipc-hfw1xxx_firmware
dh-ipc-hfw2xxx_firmware
d…
|
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX,…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-7925
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
